From 12b3618623b9cb3775f5856b121bf6cd6fdab341 Mon Sep 17 00:00:00 2001 From: Rob Harrop Date: Wed, 2 Mar 2011 16:01:57 +0000 Subject: [PATCH 01/10] Rough outline for introducing SSL support --- deps/rabbitmq_stomp/src/rabbit_stomp.erl | 9 ++- .../src/rabbit_stomp_reader.erl | 7 +- deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl | 72 +++++++++++++------ 3 files changed, 64 insertions(+), 24 deletions(-) diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp.erl b/deps/rabbitmq_stomp/src/rabbit_stomp.erl index 0f5e226ebf..c769dbd8bc 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp.erl @@ -46,6 +46,11 @@ stop(_State) -> parse_listener_configuration() -> case application:get_env(tcp_listeners) of - undefined -> throw({error, {stomp_configuration_not_found}}); - {ok, Listeners} -> Listeners + undefined -> + throw({error, {stomp_configuration_not_found}}); + {ok, Listeners} -> + case application:get_env(ssl_listeners) of + undefined -> {Listeners, []}; + {ok, SslListeners} -> {Listeners, SslListeners} + end end. diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl index 711f9cba5e..5a6a3e03b5 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl @@ -43,18 +43,21 @@ start_link(ProcessorPid) -> init(ProcessorPid) -> receive - {go, Sock} -> + {go, Sock, SockTransform} -> ok = inet:setopts(Sock, [{active, false}]), {ok, {PeerAddress, PeerPort}} = inet:peername(Sock), PeerAddressS = inet_parse:ntoa(PeerAddress), error_logger:info_msg("starting STOMP connection ~p from ~s:~p~n", [self(), PeerAddressS, PeerPort]), + + {ok, ClientSock} = SockTransform(Sock), + ParseState = rabbit_stomp_frame:initial_state(), try ?MODULE:mainloop( register_memory_alarm( - #reader_state{socket = Sock, + #reader_state{socket = ClientSock, parse_state = ParseState, processor = ProcessorPid, state = running, 
diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl index c89bc2a831..66cb13ab2e 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl 
@@ -33,41 +33,73 @@ -export([start_link/1, init/1]). --export([listener_started/2, listener_stopped/2, start_client/1]). +-export([listener_started/3, listener_stopped/3, + start_client/1, start_ssl_client/2]). start_link(Listeners) -> supervisor:start_link({local, ?MODULE}, ?MODULE, [Listeners]). -init([Listeners]) -> +init([{Listeners, SslListeners}]) -> {ok, SocketOpts} = application:get_env(rabbit_stomp, tcp_listen_options), + + SslOpts = case SslListeners of + [] -> none; + _ -> rabbit_networking:ensure_ssl() + end, + {ok, {{one_for_all, 10, 10}, [{rabbit_stomp_client_sup_sup, {rabbit_client_sup, start_link, [{local, rabbit_stomp_client_sup_sup}, {rabbit_stomp_client_sup, start_link,[]}]}, transient, infinity, supervisor, [rabbit_client_sup]} | - [{Name, - {tcp_listener_sup, start_link, - [IPAddress, Port, - [Family | SocketOpts], - {?MODULE, listener_started, []}, - {?MODULE, listener_stopped, []}, - {?MODULE, start_client, []}, "STOMP Listener"]}, - transient, infinity, supervisor, [tcp_listener_sup]} || - Listener <- Listeners, - {IPAddress, Port, Family, Name} <- - rabbit_networking:check_tcp_listener_address( - rabbit_stomp_listener_sup, Listener)]]}}. + listener_specs(fun tcp_listener_spec/1, [SocketOpts], Listeners) ++ + listener_specs(fun ssl_listener_spec/1, + [SocketOpts, SslOpts], SslListeners)]}}. -listener_started(IPAddress, Port) -> - rabbit_networking:tcp_listener_started(stomp, IPAddress, Port). -listener_stopped(IPAddress, Port) -> - rabbit_networking:tcp_listener_stopped(stomp, IPAddress, Port). -start_client(Sock) -> +listener_specs(Fun, Args, Listeners) -> + [Fun([Address | Args]) || + Listener <- Listeners, + Address <- rabbit_networking:check_tcp_listener_address( + rabbit_stomp_listener_sup, Listener)]. + +tcp_listener_spec([Address, SocketOpts]) -> + listener_spec(Address, SocketOpts, stomp, + {?MODULE, start_client, []}, "STOMP TCP Listener"). 
+ +ssl_listener_spec([Address, SocketOpts, SslOpts]) -> + listener_spec(Address, SocketOpts, 'stomp/ssl', + {?MODULE, start_ssl_client, [SslOpts]}, "STOMP SSL Listener"). + +listener_spec({IPAddress, Port, Family, Name}, + SocketOpts, Protocol, OnConnect, Label) -> + {Name, + {tcp_listener_sup, start_link, + [IPAddress, Port, + [Family | SocketOpts], + {?MODULE, listener_started, [Protocol]}, + {?MODULE, listener_stopped, [Protocol]}, + OnConnect, Label]}, + transient, infinity, supervisor, [tcp_listener_sup]}. + +listener_started(Protocol, IPAddress, Port) -> + rabbit_networking:tcp_listener_started(Protocol, IPAddress, Port). + +listener_stopped(Protocol, IPAddress, Port) -> + rabbit_networking:tcp_listener_stopped(Protocol, IPAddress, Port). + +start_client(Sock, SockTransform) -> {ok, SupPid, ReaderPid} = supervisor:start_child(rabbit_stomp_client_sup_sup, [Sock]), ok = gen_tcp:controlling_process(Sock, ReaderPid), - ReaderPid ! {go, Sock}, + ReaderPid ! {go, Sock, SockTransform}, SupPid. + +start_client(Sock) -> + start_client(Sock, fun(S) -> {ok, S} end). + +start_ssl_client(Sock, SslOpts) -> + start_client(Sock, rabbit_networking:ssl_transform_fun(SslOpts)). + From 3fddfacbd274451be93ad225c5b71cbbc0a66b88 Mon Sep 17 00:00:00 2001 From: Rob Harrop Date: Wed, 2 Mar 2011 23:00:25 +0000 Subject: [PATCH 02/10] SSL connections largely working. Rough connection test --- deps/rabbitmq_stomp/Makefile | 39 ++++++++++++++++++- .../src/rabbit_stomp_processor.erl | 2 +- deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl | 2 +- deps/rabbitmq_stomp/test/test.py | 29 ++------------ deps/rabbitmq_stomp/test/test_runner.py | 25 ++++++++++++ deps/rabbitmq_stomp/test/test_ssl.py | 31 +++++++++++++++ 6 files changed, 99 insertions(+), 29 deletions(-) create mode 100644 deps/rabbitmq_stomp/test/test_runner.py create mode 100755 deps/rabbitmq_stomp/test/test_ssl.py diff --git a/deps/rabbitmq_stomp/Makefile b/deps/rabbitmq_stomp/Makefile index d7b9aeebb7..b54078b4ad 100644 
--- a/deps/rabbitmq_stomp/Makefile +++ b/deps/rabbitmq_stomp/Makefile @@ -4,15 +4,19 @@ DEPS=rabbitmq-server rabbitmq-erlang-client START_RABBIT_IN_TESTS=true TEST_APPS=rabbit_stomp -TEST_SCRIPTS=./test/test.py UNIT_TEST_COMMANDS=eunit:test([rabbit_stomp_test_util,rabbit_stomp_test_frame],[verbose]) +RABBITMQ_TEST_PATH=../../rabbitmq-test +CERTS_DIR=$(abspath certs) + +TEST_SCRIPTS=./test/test.py + include ../include.mk testdeps: make -C deps/stomppy -test: unittest testdeps +test: unittest testdeps $(CERTS_DIR) unittest: $(TARGETS) $(TEST_TARGETS) ERL_LIBS=$(LIBS_PATH) $(ERL) $(TEST_LOAD_PATH) \ @@ -20,3 +24,34 @@ unittest: $(TARGETS) $(TEST_TARGETS) -eval 'init:stop()' | tee $(TMPDIR)/rabbit-stomp-unittest-output |\ egrep "passed" >/dev/null + +CAN_RUN_SSL=$(shell if [ -d $(RABBITMQ_TEST_PATH) ]; then echo "true"; else echo "false"; fi) + +ssl_clean: + rm -rf $(CERTS_DIR) + +SSL_VERIFY=$(shell if [ $$(erl -noshell -eval 'io:format(erlang:system_info(version)), halt().') \> "5.7.0" ]; then echo "true"; else echo "false"; fi) +ifeq (true,$(SSL_VERIFY)) +SSL_VERIFY_OPTION :={verify,verify_peer},{fail_if_no_peer_cert,false} +else +SSL_VERIFY_OPTION :={verify_code,1} +endif + +ifeq ($(CAN_RUN_SSL),true) + +TEST_SCRIPTS += ./test/test_ssl.py + +TEST_ARGS := -rabbit_stomp ssl_listeners [61614] -rabbit ssl_options [{cacertfile,\"$(CERTS_DIR)/testca/cacert.pem\"},{certfile,\"$(CERTS_DIR)/server/cert.pem\"},{keyfile,\"$(CERTS_DIR)/server/key.pem\"},$(SSL_VERIFY_OPTION)] + + +$(CERTS_DIR): + mkdir -p $(CERTS_DIR) + make -C $(RABBITMQ_TEST_PATH)/certs PASSWORD=test DIR=$(abspath $(CERTS_DIR)) +else + +$(CERTS_DIR): + mkdir -p $(CERTS_DIR) + touch $(CERTS_DIR)/.ssl_skip + +endif + diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl index b0ecfa6542..4394a755d5 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl 
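Review bot: The `SSL_VERIFY` probe added in the second Makefile hunk compares the ERTS version with `\> "5.7.0"` inside `[ ... ]`, which is a string comparison rather than a version comparison. A version such as 5.10 sorts before 5.7.0 as a string, so the build would silently take the `else` branch and start the test broker with `{verify_code,1}` instead of `{verify,verify_peer},{fail_if_no_peer_cert,false}`. Comparing the numeric components would keep the peer-verification branch selected on newer runtimes. At minimum the limitation should be recorded next to the probe, e.g. `# NOTE: lexical compare; only correct while each version component is a single digit`.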
@@ -634,7 +634,7 @@ ensure_heartbeats(Heartbeats, X <- re:split(Heartbeats, ",", [{return, list}])], SendFun = fun() -> - catch gen_tcp:send(Sock, <<0>>) + catch rabbit_net:send(Sock, <<0>>) end, Pid = self(), diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl index 66cb13ab2e..c84f7a5346 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl @@ -100,6 +100,6 @@ start_client(Sock, SockTransform) -> start_client(Sock) -> start_client(Sock, fun(S) -> {ok, S} end). -start_ssl_client(Sock, SslOpts) -> +start_ssl_client(SslOpts, Sock) -> start_client(Sock, rabbit_networking:ssl_transform_fun(SslOpts)). diff --git a/deps/rabbitmq_stomp/test/test.py b/deps/rabbitmq_stomp/test/test.py index 662e13dbd3..4a5edb6d42 100755 --- a/deps/rabbitmq_stomp/test/test.py +++ b/deps/rabbitmq_stomp/test/test.py @@ -1,30 +1,9 @@ #!/usr/bin/env python -import unittest -import sys -import os - -def add_deps_to_path(): - deps_dir = os.path.realpath(os.path.join(__file__, "..", "..", "deps")) - sys.path.append(os.path.join(deps_dir, "stomppy", "stomppy")) - -def run_unittests(): - add_deps_to_path() - modules = ['parsing', 'destinations', 'lifecycle', 'transactions', - 'ack', 'errors'] - - suite = unittest.TestSuite() - for m in modules: - mod = __import__(m) - for name in dir(mod): - obj = getattr(mod, name) - if name.startswith("Test") and issubclass(obj, unittest.TestCase): - suite.addTest(unittest.TestLoader().loadTestsFromTestCase(obj)) - - ts = unittest.TextTestRunner().run(unittest.TestSuite(suite)) - if ts.errors or ts.failures: - sys.exit(1) +import test_runner if __name__ == '__main__': - run_unittests() + modules = ['parsing', 'destinations', 'lifecycle', 'transactions', + 'ack', 'errors'] + test_runner.run_unittests(modules) diff --git a/deps/rabbitmq_stomp/test/test_runner.py b/deps/rabbitmq_stomp/test/test_runner.py new file mode 100644 index 0000000000..21e2f88d99 
--- /dev/null +++ b/deps/rabbitmq_stomp/test/test_runner.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +import unittest +import sys +import os + +def add_deps_to_path(): + deps_dir = os.path.realpath(os.path.join(__file__, "..", "..", "deps")) + sys.path.append(os.path.join(deps_dir, "stomppy", "stomppy")) + +def run_unittests(modules): + add_deps_to_path() + + suite = unittest.TestSuite() + for m in modules: + mod = __import__(m) + for name in dir(mod): + obj = getattr(mod, name) + if name.startswith("Test") and issubclass(obj, unittest.TestCase): + suite.addTest(unittest.TestLoader().loadTestsFromTestCase(obj)) + + ts = unittest.TextTestRunner().run(unittest.TestSuite(suite)) + if ts.errors or ts.failures: + sys.exit(1) + diff --git a/deps/rabbitmq_stomp/test/test_ssl.py b/deps/rabbitmq_stomp/test/test_ssl.py new file mode 100755 index 0000000000..4d5780a0ed --- /dev/null +++ b/deps/rabbitmq_stomp/test/test_ssl.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python + +import unittest +import sys +import time +import os + +import test_runner + +class TestSslClient(unittest.TestCase): + + def test_ssl_connect(self): + ssl_key_file = os.path.abspath("certs/client/key.pem") + ssl_cert_file = os.path.abspath("certs/client/cert.pem") + ssl_ca_certs = os.path.abspath("certs/testca/cacert.pem") + + import stomp + conn = stomp.Connection(user="guest", passcode="guest", + host_and_ports = [ ('localhost', 61614) ], + use_ssl = True, ssl_key_file = ssl_key_file, + ssl_cert_file = ssl_cert_file, + ssl_ca_certs = ssl_ca_certs) + + conn.start() + conn.stop() + + +if __name__ == '__main__': + modules = ['test_ssl'] + test_runner.run_unittests(modules) + From 22c5d21ca35b66b5486d1a43fef7d9376a139fe9 Mon Sep 17 00:00:00 2001 
From: Rob Harrop Date: Thu, 3 Mar 2011 15:22:55 +0000 Subject: [PATCH 03/10] Fixed bug with SSL socket setup. Added full SSL communication test --- .../src/rabbit_stomp_client_sup.erl | 1 + .../src/rabbit_stomp_reader.erl | 10 ++-- deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl | 13 +++-- deps/rabbitmq_stomp/test/ssl_lifecycle.py | 51 +++++++++++++++++++ deps/rabbitmq_stomp/test/test_ssl.py | 25 +-------- 5 files changed, 62 insertions(+), 38 deletions(-) create mode 100644 deps/rabbitmq_stomp/test/ssl_lifecycle.py diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl index b76da2c49f..b84dc01216 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl @@ -55,3 +55,4 @@ start_link(Sock) -> init([]) -> {ok, {{one_for_all, 0, 1}, []}}. + diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl index 5a6a3e03b5..fd393756e5 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_reader.erl @@ -43,21 +43,17 @@ start_link(ProcessorPid) -> init(ProcessorPid) -> receive - {go, Sock, SockTransform} -> - ok = inet:setopts(Sock, [{active, false}]), - - {ok, {PeerAddress, PeerPort}} = inet:peername(Sock), + {go, Sock} -> + {ok, {PeerAddress, PeerPort}} = rabbit_net:peername(Sock), PeerAddressS = inet_parse:ntoa(PeerAddress), error_logger:info_msg("starting STOMP connection ~p from ~s:~p~n", [self(), PeerAddressS, PeerPort]), - {ok, ClientSock} = SockTransform(Sock), - ParseState = rabbit_stomp_frame:initial_state(), try ?MODULE:mainloop( register_memory_alarm( - #reader_state{socket = ClientSock, + #reader_state{socket = Sock, parse_state = ParseState, processor = ProcessorPid, state = running, diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl index c84f7a5346..c789885399 100644 
--- a/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_sup.erl @@ -90,16 +90,15 @@ listener_started(Protocol, IPAddress, Port) -> listener_stopped(Protocol, IPAddress, Port) -> rabbit_networking:tcp_listener_stopped(Protocol, IPAddress, Port). -start_client(Sock, SockTransform) -> +start_client(Sock) -> {ok, SupPid, ReaderPid} = supervisor:start_child(rabbit_stomp_client_sup_sup, [Sock]), - ok = gen_tcp:controlling_process(Sock, ReaderPid), - ReaderPid ! {go, Sock, SockTransform}, + ok = rabbit_net:controlling_process(Sock, ReaderPid), + ReaderPid ! {go, Sock}, SupPid. -start_client(Sock) -> - start_client(Sock, fun(S) -> {ok, S} end). - start_ssl_client(SslOpts, Sock) -> - start_client(Sock, rabbit_networking:ssl_transform_fun(SslOpts)). + Transform = rabbit_networking:ssl_transform_fun(SslOpts), + {ok, SslSock} = Transform(Sock), + start_client(SslSock). diff --git a/deps/rabbitmq_stomp/test/ssl_lifecycle.py b/deps/rabbitmq_stomp/test/ssl_lifecycle.py new file mode 100644 index 0000000000..e7badf6b5d --- /dev/null +++ b/deps/rabbitmq_stomp/test/ssl_lifecycle.py 
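Review bot: `start_ssl_client/2` now performs the TLS upgrade itself and asserts `{ok, SslSock} = Transform(Sock)`, so any failed handshake raises `badmatch` in whichever process invokes the listener's on-connect callback. Such a failure can come from a plain-text client on the SSL port, a rejected certificate, or a peer that disconnects mid-handshake. That caller is outside this diff, but if it is the acceptor, a remote peer could crash it repeatedly, and a peer that stalls the handshake would presumably delay further accepts. The earlier revision in this series deferred the transform to the reader process. Handling the `{error, Reason}` result explicitly keeps a peer-side failure from becoming a crash; the value returned on the error path must match what the on-connect caller accepts, which is not visible here.

```erlang
start_ssl_client(SslOpts, Sock) ->
    Transform = rabbit_networking:ssl_transform_fun(SslOpts),
    case Transform(Sock) of
        {ok, SslSock} ->
            start_client(SslSock);
        {error, Reason} ->
            %% A failed handshake is a peer-side event: log it and drop
            %% only this connection instead of crashing the caller.
            error_logger:error_msg("STOMP SSL handshake failed: ~p~n",
                                   [Reason]),
            {error, Reason}
    end.
```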
@@ -0,0 +1,51 @@ +import unittest +import os + +import stomp +import base + +class TestSslClient(unittest.TestCase): + + def __ssl_connect(self): + ssl_key_file = os.path.abspath("certs/client/key.pem") + ssl_cert_file = os.path.abspath("certs/client/cert.pem") + ssl_ca_certs = os.path.abspath("certs/testca/cacert.pem") + + conn = stomp.Connection(user="guest", passcode="guest", + host_and_ports = [ ('localhost', 61614) ], + use_ssl = True, ssl_key_file = ssl_key_file, + ssl_cert_file = ssl_cert_file, + ssl_ca_certs = ssl_ca_certs) + + conn.start() + conn.connect() + return conn + + def test_ssl_connect(self): + conn = self.__ssl_connect() + conn.stop() + + def test_ssl_send_receive(self): + conn = self.__ssl_connect() + + try: + listener = base.WaitableListener() + + conn.set_listener('', listener) + + d = "/topic/ssl.test" + conn.subscribe(destination=d, receipt="sub") + + self.assertTrue(listener.await(1)) + + self.assertEquals("sub", + listener.receipts[0]['headers']['receipt-id']) + + listener.reset(1) + conn.send("Hello SSL!", destination=d) + + self.assertTrue(listener.await()) + + self.assertEquals("Hello SSL!", listener.messages[0]['message']) + finally: + conn.disconnect() diff --git a/deps/rabbitmq_stomp/test/test_ssl.py b/deps/rabbitmq_stomp/test/test_ssl.py index 4d5780a0ed..b62755f31e 100755 --- a/deps/rabbitmq_stomp/test/test_ssl.py +++ b/deps/rabbitmq_stomp/test/test_ssl.py 
@@ -1,31 +1,8 @@ #!/usr/bin/env python -import unittest -import sys -import time -import os - import test_runner -class TestSslClient(unittest.TestCase): - - def test_ssl_connect(self): - ssl_key_file = os.path.abspath("certs/client/key.pem") - ssl_cert_file = os.path.abspath("certs/client/cert.pem") - ssl_ca_certs = os.path.abspath("certs/testca/cacert.pem") - - import stomp - conn = stomp.Connection(user="guest", passcode="guest", - host_and_ports = [ ('localhost', 61614) ], - use_ssl = True, ssl_key_file = ssl_key_file, - ssl_cert_file = ssl_cert_file, - ssl_ca_certs = ssl_ca_certs) - - conn.start() - conn.stop() - - if __name__ == '__main__': - modules = ['test_ssl'] + modules = ['ssl_lifecycle'] test_runner.run_unittests(modules) From 6e65f0e5331a2d67df2783bb4501484363b40e78 Mon Sep 17 00:00:00 2001 From: Rob Harrop Date: Thu, 3 Mar 2011 15:59:31 +0000 Subject: [PATCH 04/10] Added skeleton ssl_listeners to the STOMP app file --- deps/rabbitmq_stomp/ebin/rabbit_stomp.app.in | 1 + 1 file changed, 1 insertion(+) diff --git a/deps/rabbitmq_stomp/ebin/rabbit_stomp.app.in b/deps/rabbitmq_stomp/ebin/rabbit_stomp.app.in index 543d25483f..679317d8bd 100644 --- a/deps/rabbitmq_stomp/ebin/rabbit_stomp.app.in +++ b/deps/rabbitmq_stomp/ebin/rabbit_stomp.app.in @@ -13,6 +13,7 @@ {registered, []}, {mod, {rabbit_stomp, []}}, {env, [{tcp_listeners, [61613]}, + {ssl_listeners, []}, {tcp_listen_options, [binary, {packet, raw}, {reuseaddr, true}, From 1e2be7243995970b0d7bdc577ff4348ae665fa1a Mon Sep 17 00:00:00 2001 From: Steve Powell Date: Wed, 16 Mar 2011 14:45:58 +0000 Subject: [PATCH 05/10] Correct Makefile to run ssl tests. --- deps/rabbitmq_stomp/Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/deps/rabbitmq_stomp/Makefile b/deps/rabbitmq_stomp/Makefile index b54078b4ad..85c47d0a16 100644 --- a/deps/rabbitmq_stomp/Makefile +++ b/deps/rabbitmq_stomp/Makefile 
@@ -7,7 +7,7 @@ TEST_APPS=rabbit_stomp UNIT_TEST_COMMANDS=eunit:test([rabbit_stomp_test_util,rabbit_stomp_test_frame],[verbose]) RABBITMQ_TEST_PATH=../../rabbitmq-test -CERTS_DIR=$(abspath certs) +CERTS_DIR:=$(abspath certs) TEST_SCRIPTS=./test/test.py @@ -30,7 +30,7 @@ CAN_RUN_SSL=$(shell if [ -d $(RABBITMQ_TEST_PATH) ]; then echo "true"; else echo ssl_clean: rm -rf $(CERTS_DIR) -SSL_VERIFY=$(shell if [ $$(erl -noshell -eval 'io:format(erlang:system_info(version)), halt().') \> "5.7.0" ]; then echo "true"; else echo "false"; fi) +SSL_VERIFY:=$(shell if [ $$(erl -noshell -eval 'io:format(erlang:system_info(version)), halt().') \> "5.7.0" ]; then echo "true"; else echo "false"; fi) ifeq (true,$(SSL_VERIFY)) SSL_VERIFY_OPTION :={verify,verify_peer},{fail_if_no_peer_cert,false} else @@ -41,8 +41,7 @@ ifeq ($(CAN_RUN_SSL),true) TEST_SCRIPTS += ./test/test_ssl.py -TEST_ARGS := -rabbit_stomp ssl_listeners [61614] -rabbit ssl_options [{cacertfile,\"$(CERTS_DIR)/testca/cacert.pem\"},{certfile,\"$(CERTS_DIR)/server/cert.pem\"},{keyfile,\"$(CERTS_DIR)/server/key.pem\"},$(SSL_VERIFY_OPTION)] - +TEST_ARGS := -rabbit_stomp ssl_listeners [61614] -rabbit ssl_options ['{cacertfile,'\"$(CERTS_DIR)/testca/cacert.pem\"'},{certfile,'\"$(CERTS_DIR)/server/cert.pem\"'},{keyfile,'\"$(CERTS_DIR)/server/key.pem\"'},$(SSL_VERIFY_OPTION)'] $(CERTS_DIR): mkdir -p $(CERTS_DIR) From 850e8819c65a7ad774a7937ffa0e83e609c3e3df Mon Sep 17 00:00:00 2001 From: Steve Powell Date: Wed, 16 Mar 2011 16:22:27 +0000 Subject: [PATCH 06/10] Adust Makefile again to correctly build certs for ssl tests --- deps/rabbitmq_stomp/Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/deps/rabbitmq_stomp/Makefile b/deps/rabbitmq_stomp/Makefile index 85c47d0a16..6cead11ba4 100644 --- a/deps/rabbitmq_stomp/Makefile +++ b/deps/rabbitmq_stomp/Makefile 
@@ -24,30 +24,28 @@ unittest: $(TARGETS) $(TEST_TARGETS) -eval 'init:stop()' | tee $(TMPDIR)/rabbit-stomp-unittest-output |\ egrep "passed" >/dev/null - -CAN_RUN_SSL=$(shell if [ -d $(RABBITMQ_TEST_PATH) ]; then echo "true"; else echo "false"; fi) +CAN_RUN_SSL:=$(shell if [ -d $(RABBITMQ_TEST_PATH) ]; then echo "true"; else echo "false"; fi) ssl_clean: rm -rf $(CERTS_DIR) SSL_VERIFY:=$(shell if [ $$(erl -noshell -eval 'io:format(erlang:system_info(version)), halt().') \> "5.7.0" ]; then echo "true"; else echo "false"; fi) + ifeq (true,$(SSL_VERIFY)) -SSL_VERIFY_OPTION :={verify,verify_peer},{fail_if_no_peer_cert,false} + SSL_VERIFY_OPTION :={verify,verify_peer},{fail_if_no_peer_cert,false} else -SSL_VERIFY_OPTION :={verify_code,1} + SSL_VERIFY_OPTION :={verify_code,1} endif ifeq ($(CAN_RUN_SSL),true) - -TEST_SCRIPTS += ./test/test_ssl.py - -TEST_ARGS := -rabbit_stomp ssl_listeners [61614] -rabbit ssl_options ['{cacertfile,'\"$(CERTS_DIR)/testca/cacert.pem\"'},{certfile,'\"$(CERTS_DIR)/server/cert.pem\"'},{keyfile,'\"$(CERTS_DIR)/server/key.pem\"'},$(SSL_VERIFY_OPTION)'] + TEST_SCRIPTS += ./test/test_ssl.py + TEST_ARGS := -rabbit_stomp ssl_listeners [61614] -rabbit ssl_options ['{cacertfile,'\"$(CERTS_DIR)/testca/cacert.pem\"'},{certfile,'\"$(CERTS_DIR)/server/cert.pem\"'},{keyfile,'\"$(CERTS_DIR)/server/key.pem\"'},$(SSL_VERIFY_OPTION)'] $(CERTS_DIR): mkdir -p $(CERTS_DIR) - make -C $(RABBITMQ_TEST_PATH)/certs PASSWORD=test DIR=$(abspath $(CERTS_DIR)) -else + make -C $(RABBITMQ_TEST_PATH)/certs all PASSWORD=test DIR=$(CERTS_DIR) +else $(CERTS_DIR): mkdir -p $(CERTS_DIR) touch $(CERTS_DIR)/.ssl_skip From 6d07bfa27c828fa56b58e62ac08a4312da32e4d6 Mon Sep 17 00:00:00 2001 
From: Rob Harrop Date: Fri, 3 Jun 2011 14:47:36 +0100 Subject: [PATCH 07/10] SSL tests running again --- deps/rabbitmq_stomp/package.mk | 30 ++++++++++++++++++- deps/rabbitmq_stomp/test/src/ssl.config | 12 ++++++++ deps/rabbitmq_stomp/test/src/ssl_lifecycle.py | 6 ++-- 3 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 deps/rabbitmq_stomp/test/src/ssl.config diff --git a/deps/rabbitmq_stomp/package.mk b/deps/rabbitmq_stomp/package.mk index b850fad29c..1d6d8845f2 100644 --- a/deps/rabbitmq_stomp/package.mk +++ b/deps/rabbitmq_stomp/package.mk @@ -3,11 +3,39 @@ DEPS:=rabbitmq-server rabbitmq-erlang-client STANDALONE_TEST_COMMANDS:=eunit:test([rabbit_stomp_test_util,rabbit_stomp_test_frame],[verbose]) WITH_BROKER_TEST_SCRIPTS:=$(PACKAGE_DIR)/test/src/test.py +RABBITMQ_TEST_PATH=../../rabbitmq-test +CERTS_DIR:=$(abspath test/certs) +CAN_RUN_SSL:=$(shell if [ -d $(RABBITMQ_TEST_PATH) ]; then echo "true"; else echo "false"; fi) + +TEST_CONFIG_PATH=$(TEST_EBIN_DIR)/test.config +WITH_BROKER_TEST_CONFIG:=$(TEST_EBIN_DIR)/test + +ifeq ($(CAN_RUN_SSL),true) + +WITH_BROKER_TEST_SCRIPTS += $(PACKAGE_DIR)/test/src/test_ssl.py + +$(TEST_CONFIG_PATH): $(CERTS_DIR) + sed -e "s|%%CERTS_DIR%%|$(CERTS_DIR)|g" < test/src/ssl.config > $@ + echo $(WITH_BROKER_TEST_CONFIG) + +$(CERTS_DIR): $(SSL_CONFIG_PATH) + mkdir -p $(CERTS_DIR) + make -C $(RABBITMQ_TEST_PATH)/certs all PASSWORD=test DIR=$(CERTS_DIR) + +$(SSL_CONFIG_PATH) +else +$(TEST_CONFIG_PATH): + echo "[]." >> $@ +endif + define package_rules -$(PACKAGE_DIR)+pre-test:: +$(PACKAGE_DIR)+pre-test:: $(TEST_CONFIG_PATH) make -C $(PACKAGE_DIR)/deps/stomppy +$(PACKAGE_DIR)+clean:: + rm -rf $(CERTS_DIR) + $(PACKAGE_DIR)+clean-with-deps:: make -C $(PACKAGE_DIR)/deps/stomppy distclean diff --git a/deps/rabbitmq_stomp/test/src/ssl.config b/deps/rabbitmq_stomp/test/src/ssl.config new file mode 100644 index 0000000000..67ec5c4ae7 --- /dev/null +++ b/deps/rabbitmq_stomp/test/src/ssl.config 
@@ -0,0 +1,12 @@ +[ + {rabbitmq_stomp, [ + {ssl_listeners, [61614]} + ]}, + {rabbit, [ + {ssl_options, [{cacertfile,"%%CERTS_DIR%%/testca/cacert.pem"}, + {certfile,"%%CERTS_DIR%%/server/cert.pem"}, + {keyfile,"%%CERTS_DIR%%/server/key.pem"}, + {verify,verify_peer}, + {fail_if_no_peer_cert,false}]} + ]} +]. diff --git a/deps/rabbitmq_stomp/test/src/ssl_lifecycle.py b/deps/rabbitmq_stomp/test/src/ssl_lifecycle.py index e7badf6b5d..554d94983d 100644 --- a/deps/rabbitmq_stomp/test/src/ssl_lifecycle.py +++ b/deps/rabbitmq_stomp/test/src/ssl_lifecycle.py @@ -7,9 +7,9 @@ import base class TestSslClient(unittest.TestCase): def __ssl_connect(self): - ssl_key_file = os.path.abspath("certs/client/key.pem") - ssl_cert_file = os.path.abspath("certs/client/cert.pem") - ssl_ca_certs = os.path.abspath("certs/testca/cacert.pem") + ssl_key_file = os.path.abspath("test/certs/client/key.pem") + ssl_cert_file = os.path.abspath("test/certs/client/cert.pem") + ssl_ca_certs = os.path.abspath("test/certs/testca/cacert.pem") conn = stomp.Connection(user="guest", passcode="guest", host_and_ports = [ ('localhost', 61614) ], From ac045bf7c4ae85c2331f1e35203f67925d5ec504 Mon Sep 17 00:00:00 2001 From: Rob Harrop Date: Fri, 3 Jun 2011 14:48:47 +0100 Subject: [PATCH 08/10] Tweaks to hgignore --- deps/rabbitmq_stomp/.hgignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deps/rabbitmq_stomp/.hgignore b/deps/rabbitmq_stomp/.hgignore index 589d0ea2de..67187c170b 100644 --- a/deps/rabbitmq_stomp/.hgignore +++ b/deps/rabbitmq_stomp/.hgignore @@ -5,3 +5,5 @@ ^cover/ ^erl_crash.dump$ \.pyc$ +^test/certs/ +^test/ebin/test.config From 1ac2b076a42f52002af4cf85caa85133d36bbaf6 Mon Sep 17 00:00:00 2001 
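Review bot: In the new `ssl.config`, `{fail_if_no_peer_cert,false}` next to `{verify,verify_peer}` means a client that presents no certificate is still accepted. The SSL tests therefore only show that a TLS session comes up, never that an unauthenticated peer is refused. A comment above `ssl_options` would stop the file being copied as a deployment template, e.g. `%% Test-only: client certificates are verified when presented but not required.` Separately, the top-level key is `rabbitmq_stomp`, while earlier hunks in this series read the `rabbit_stomp` environment (`application:get_env(rabbit_stomp, tcp_listen_options)`). If the application was not renamed in between, `ssl_listeners` here would never be read and the listener on 61614 would not start.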
From: Rob Harrop Date: Fri, 3 Jun 2011 16:32:03 +0100 Subject: [PATCH 09/10] Removed whitespace and upgraded adapter info to display SSL --- deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl | 1 - deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl | 8 +++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl index b84dc01216..b76da2c49f 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_client_sup.erl @@ -55,4 +55,3 @@ start_link(Sock) -> init([]) -> {ok, {{one_for_all, 0, 1}, []}}. - diff --git a/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl b/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl index 21e3e8bdb8..6b2be9956c 100644 --- a/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl +++ b/deps/rabbitmq_stomp/src/rabbit_stomp_processor.erl @@ -356,12 +356,18 @@ do_login(_, _, _, _, _, _, State) -> adapter_info(Sock, Version) -> {ok, {Addr, Port}} = rabbit_net:sockname(Sock), {ok, {PeerAddr, PeerPort}} = rabbit_net:peername(Sock), - #adapter_info{protocol = {'STOMP', Version}, + #adapter_info{protocol = {adapter_protocol(Sock), Version}, address = Addr, port = Port, peer_address = PeerAddr, peer_port = PeerPort}. +adapter_protocol(Sock) -> + case rabbit_net:is_ssl(Sock) of + true -> "STOMP/SSL"; + false -> "STOMP" + end. + do_subscribe(Destination, DestHdr, Frame, State = #state{subscriptions = Subs, connection = Connection, From 7aa655f7dfd16dd549a8978b1f86a051df758e54 Mon Sep 17 00:00:00 2001 From: Rob Harrop Date: Tue, 7 Jun 2011 14:47:09 +0100 Subject: [PATCH 10/10] Removed extraneous lines in package.mk --- deps/rabbitmq_stomp/package.mk | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deps/rabbitmq_stomp/package.mk b/deps/rabbitmq_stomp/package.mk index 1d6d8845f2..6e41d4ed07 100644 --- a/deps/rabbitmq_stomp/package.mk +++ b/deps/rabbitmq_stomp/package.mk 
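Review bot: `adapter_protocol/1` returns the strings `"STOMP/SSL"` and `"STOMP"`, while the line it replaces put the atom `'STOMP'` into `#adapter_info.protocol`. The first element of the protocol tuple therefore changes type for every connection, not only TLS ones. Consumers of `#adapter_info{}` are outside this hunk; any that match on `{'STOMP', _}` would stop matching. Returning atoms (`true -> 'STOMP/SSL'; false -> 'STOMP'`) keeps the previous type and mirrors the `'stomp/ssl'` atom used for listener registration in rabbit_stomp_sup. A one-line comment or `-spec` on `adapter_protocol/1` stating the return type would make the contract explicit.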
@@ -18,11 +18,10 @@ $(TEST_CONFIG_PATH): $(CERTS_DIR) sed -e "s|%%CERTS_DIR%%|$(CERTS_DIR)|g" < test/src/ssl.config > $@ echo $(WITH_BROKER_TEST_CONFIG) -$(CERTS_DIR): $(SSL_CONFIG_PATH) +$(CERTS_DIR): mkdir -p $(CERTS_DIR) make -C $(RABBITMQ_TEST_PATH)/certs all PASSWORD=test DIR=$(CERTS_DIR) -$(SSL_CONFIG_PATH) else $(TEST_CONFIG_PATH): echo "[]." >> $@